1.User Reviews of every system where users are configured.These reviews look for accounts of employees that are no longer on the payroll, have changed roles, or no longer need access.
2.Firewall Reviews look for ingress and egress rules that may no longer be required, present a security risk, or were added without proper approval or vetting.
3.Configuration Reviews that verify configuration settings for security devices and appliances to assure they are properly configured and functioning.
4.Required Activities to verify things that need to happen in the program are happening.For example, there needs to be at least Annual Penetration Testing.For PCI, there needs to be Quarterly PCI Scans completed.
This is just the start of the list.What are some other things you would put on the VAP for your program?
Already registered? Login
Not Account? Sign up
Enter your email address to reset your password
Back to Login? Click here